04.01.14

Summary: UEFI ‘secure’ boot is bricking laptops again, showing that there are worse aspects to UEFI than the anti-competitive (anti-GNU/Linux) nature of it

THERE IS a new UEFI nightmare scenario, which relates somewhat to the fact that the NSA can remotely destroy (as in brick) computers with UEFI, provided they use a ‘faulty’ implementation of UEFI [1] (UEFI ‘secure’ boot is faulty by design). “”Beware Samsung laptops” is a lesson the Linux community has already learned,” says the author of the article, but why not name UEFI also? “For Swedish Linux users,” he says, “the main lesson seems to be “Ask your big-box store salesperson to certify in writing that the machine she sells you is capable of running Linux equally well as it runs Windows”.”

This is becoming a serious issue. Germany has already pretty much banned machines with UEFI ‘secure’ boot, perhaps realising the potential hazards. Here in the UK there is concern about Windows in general, even among CESG staff (the CESG’s Web site has been down for half a day now, seemingly after getting cracked, following a migration to Windows 2 years ago). To quote CESG: “Local authorities connect to central government systems through a Public Services Network (PSN), via which they can share essential services in an effort to drive efficiency. GCHQ IT security arm CESG provides advice and certification for councils using the PSN.

“According to Gartner’s public sector research director Neville Cannon, CESG rules state that in order to connect to the PSN, authorities must run “patchable” software, which means those running XP after D-day could be in serious trouble.”

As detailed here before, a few Samsung laptop models have a firmware bug that makes them liable to becoming inert bricks if you install Linux. It’s a one-way process. This happened to me when I bought an ultrabook from the Elgiganten big-box store last summer. Both Samsung and the store refused to reimburse me for the loss of my machine’s use. At the suggestion of my home municipality’s consumer advisor (konsumentrådgivare), I took the matter to Allmänna reklamationsnämnden, the National Board for Consumer Disputes (complaint no 2013-10081).

The criminal enterprise known as Microsoft finds itself embarrassingly exposed in the courtroom, for the IRS belatedly (decades too late) targets the company in an effort to tackle massive tax evasions

A look at some of last week's patent news, with imperative responses that criticise corporate exploitation of patents for protectionism (excluding and/or driving away the competition using legal threats)

Vista 10 to bring new ways for spies (and other crackers) to remotely access people's computers and remotely modify the binary files on them (via Windows Update, which for most people cannot be disabled)